Overview

i placed my payment exactly one week ago and still havent been approved, im from argentina,

I am developing an iOS app using ActivityKit Live Activities with interactive buttons based on LiveActivityIntent. The implementation works correctly: LiveActivityIntent.perform() executes correctly. The Live Activity updates visually. MediaPlayer actions are triggered successfully. The app does not open when tapping the buttons. Repeated taps correctly update the Live Activity state. However, I observed a behavior difference on the Lock Screen: Now Playing controls keep the Lock Screen awake while interacting repeatedly. Apple Stopwatch/Timer controls also keep the Lock Screen awake while interacting. My app’s Live Activity fades to black after around 5–7 seconds even while the user continues tapping the Live Activity buttons. I also tested a third-party timer app with Live Activity buttons and observed the same fade-to-black behavior. I additionally tested: repeated Activity.update(...) calls after each tap; visual state updates after every interaction; multiple consecutive interaction updates. None of these prevented the Lock Screen from dimming/fading to black. So my question is: Is this expected behavior for third-party Live Activities using LiveActivityIntent? Or is there any recommended way to keep the Lock Screen interaction session active while the user is continuously interacting with Live Activity buttons? I am especially interested from an accessibility perspective, because short interaction windows can make repeated Lock Screen interactions more difficult for users with motor impairments or slower interaction patterns.

My Apple Developer Program enrolment been pending since April 2026. I have received no response from Apple since around 2 weeks. I have also contacted support last week but received no response from them as well. I had initially submitted by identity/company verification documents 2 weeks back. However, I still kept getting weekly reminders to upload documents. I have now uploaded the documents for the second time as after the first time I did not receive any confirmation for the submission. I am unable to request for call/phone support. My enrollment ID: QDH59Y57T7 My Case ID: 102887512171 Is there anything else I need to provide? Has anyone else encountered this problem? And what should I do? Thank you.

Hi, I have resolved the issues reported regarding the guidelines 2.3.10 and my app is stick waiting for review for days. re: https://developer.apple.com/forums/thread/826280

While working with Local Authentication framework, specifically LAContext class I found myself with few contradictions to documentation, and although I believe that those differences are rather positive than negative, either documentation is lacking behind or those APIs are not working as intended - which I believe is combination of both. 1. Local Authentication 1.1 Biometry type, and associated with it hash With introduction of LADomainState one can extract underlying biometry type along it's (current) state hash this way: @available(iOS 18, macOS 15, *) func postIOS18() { let context = LAContext() let biometryType = context.domainState.biometry.biometryType // (1) let biometryStateHash = context.domainState.biometry.stateHash // (2) } prior to receiving above APIs, we would retrieve such information something along those lines: func preIOS18() { let context = LAContext() let policy: LAPolicy // ... var error: NSError? _ = context.canEvaluatePolicy(policy, error: error) // (3) // ... (Handle error - if present) let biometryType = context.biometryType // (4) let biometryStateHash = context.evaluatedPolicyDomainState // (5) } However, moving let biometryType = context.biometryType (4) before call to canEvaluatePolicy (3) still yields correct biometry type. This is in contradiction to article from Local Authentication documentation page Optionally, Adjust Your User Interface to Accommodate Face ID. Furthermore, biometryType documentation does not mentions such requirement. Another difference is that call to canEvaluatePolicy (3) might return an error, eg. LAError(.biometryLockout) (if implemented correctly) preventing as from returning biometryStateHash (5) with nil value. This is not the case for new API, where the same call (2) will yield nil as a result - LADomainStateBiometry documentation does not mention it. In summary, here are some questions: Which API should be used to retrieve biometry type?, and why the "older way" has not been deprecated? Is is safe to assume that calls to biometryType and stateHash from LADomainStateBiometry will produce meaningful results without prior call to canEvaluatePolicy? Should I assume that call to biometryType found on LAContext instance will always return biometryType without prior call to canEvaluatePolicy?, or perhaps those are only side effects of changes made to accommodate LADomainState, and prior to them (pre-iOS 18) we must call canEvaluatePolicy to get meaningful value. Are the stateHash properties found on LADomainState, LADomainStateBiometry and LADomainStateCompanion will return nil upon encountering any error under the hood? (which would be equivalent of below code, prior to iOS 18) func biometryStateHash() -> Data? { let context = LAContext() if #available(iOS 18, macOS 15, *) { _ = context.canEvaluatePolicy(policy, error: nil) return context.evaluatedPolicyDomainState } else { return context.domainState.biometry.stateHash } } 1.2 Deprecation of evaluatedDomainState There is a forum post LAContext.evaluatedPolicyDomainState change between major OS versions mentioning missing documentation (fixed), however there's still information missing of how they correlate to each other. From my findings, the deprecated evaluatedDomainState property value matches those of LADomainState stateHash (when no companion device is present), and LADomainStateBiometry stateHash (all the time). Are those assumptions correct? 1.3 LAContext (authenticated) session lifespan Theres is little information about it state when authenticated by the user. Documentation on LAContext does not mention this behavior, while there are hints that once authenticated, and context is reused, any farther calls will not prompt user with UI. The problem is that this behavior is little, to no documented. Here are few examples I have found: Logging a User into Your App with Face ID or Touch ID (code sample) contains comment // Get a fresh context for each login. If you use the same context on multiple attempts //  (by commenting out the next line), then a previously successful authentication //  causes the next policy evaluation to succeed without testing biometry again. //  That's usually not what you want. Recent forum post, where such approach is mentioned by Quinn 'The Eskimo!' "At the API level, one option you have is to create an LAContext and pass it in to each SecItemCopyMatching call via kSecUseAuthenticationContext." WWDC22 Streamline local authorization flows session "By binding the LAContext to our private key reference, we ensure that executing the signature operation will not trigger another authentication, while allowing the operation to continue without unnecessary prompts. These binding also means that no additional user interactions will be required for future signatures until the LAContext is invalidated." Furthermore this is complicated by the touchIDAuthenticationAllowableReuseDuration property from LAContext instance which states that "The default value is 0, meaning that no previous biometric unlock can be reused." which is in direct contradiction to what I have experienced while working with LAContext and sources mentioned above. While digging on this, whether this behavior is intended or not, I came across a post (I would love to share it, but the domain is not permitted) that shared the same findings (and concerns) regarding LAContext behavior as me. The author also provided a FB9984036 feedback number - although no further update was made on that topic. So my questions are: Is it safe to reuse LAContext (authenticated) instance? How long such instance is considered authenticated?, is it a time duration or perhaps it stays in authenticated state until explicitly invalidated using invalidate method. (its invalidated for sure when app is terminated, but this was to be expected :)) How does touchIDAuthenticationAllowableReuseDuration work, and how does it correlate to "reusability" of the authenticated LAContext instance? In what scenarios touchIDAuthenticationAllowableReuseDuration should be used and what is its expected behavior? (I have tried it both on iOS and macOS; from my perspective API this does not "work")

I have reviewed and fixed the reported issues on my app base on the below guidelines and my are still showing awaiting review. How long will it take? Guideline 2.3.10 - Performance - Accurate Metadata Issue Description The app or metadata includes information about third-party platforms that may not be relevant for App Store users, who are focused on experiences offered by the app itself. Next Steps Revise the app's previews to remove non-iOS device images. Reply to App Review in App Store Connect with additional information if the app's functionality and how it interacts with third-party platforms has been misunderstood.

We have been having unexplained failures with the codesign tool recently on macosx aarch64 and x64 hosts. Every once in a while when signing an app locally using the following command: /usr/bin/codesign -s - -vvvv --force /home/me/FooBarCalculator.app results in the following error: /home/me/FooBarCalculator.app: timestamps differ by 185 seconds - check your system clock The number of seconds reported in the error message keeps varying (but usually in that range). We have checked the system clock but there isn't anything wrong (from what we can see) with the host. In fact, we have been seeing this error on several hosts now, so it isn't specific to one host. While looking into this issue, we even printed the details of an already signed binary using the following command: codesign -dvvv HelloWorld.app and that prints among other things, similar warning message: ... Timestamp=12 May 2026 at 5:36:0 AM HelloWorld.app: timestamp mismatch: internal time 12 May 2026 at 5:32:59 AM (184 seconds apart) I'm looking for inputs on how we go about debugging this issue and where/how the codesign tool sources these timestamps from (any specific API?) and what value is it comparing against to notice a difference. These affected hosts have different operating system versions some 15.x and some 26.x.

While working with Local Authentication framework, specifically LAContext class I found myself with few contradictions to documentation, and although I believe that those differences are rather positive than negative, either documentation is lacking behind or those APIs are not working as intended - which I believe is combination of both. 1. Local Authentication 1.1 Biometry type, and associated with it hash With introduction of LADomainState one can extract underlying biometry type along it's (current) state hash this way: @available(iOS 18, macOS 15, *) func postIOS18() { let context = LAContext() let biometryType = context.domainState.biometry.biometryType // (1) let biometryStateHash = context.domainState.biometry.stateHash // (2) } prior to receiving above APIs, we would retrieve such information something along those lines: func preIOS18() { let context = LAContext() let policy: LAPolicy // ... var error: NSError? _ = context.canEvaluatePolicy(policy, error: error) // (3) // ... (Handle error - if present) let biometryType = context.biometryType // (4) let biometryStateHash = context.evaluatedPolicyDomainState // (5) } However, moving let biometryType = context.biometryType (4) before call to canEvaluatePolicy (3) still yields correct biometry type. This is in contradiction to article from Local Authentication documentation page Optionally, Adjust Your User Interface to Accommodate Face ID. Furthermore, biometryType documentation does not mentions such requirement. Another difference is that call to canEvaluatePolicy (3) might return an error, eg. LAError(.biometryLockout) (if implemented correctly) preventing as from returning biometryStateHash (5) with nil value. This is not the case for new API, where the same call (2) will yield nil as a result - LADomainStateBiometry documentation does not mention it. In summary, here are some questions: Which API should be used to retrieve biometry type?, and why the "older way" has not been deprecated? Is is safe to assume that calls to biometryType and stateHash from LADomainStateBiometry will produce meaningful results without prior call to canEvaluatePolicy? Should I assume that call to biometryType found on LAContext instance will always return biometryType without prior call to canEvaluatePolicy?, or perhaps those are only side effects of changes made to accommodate LADomainState, and prior to them (pre-iOS 18) we must call canEvaluatePolicy to get meaningful value. Are the stateHash properties found on LADomainState, LADomainStateBiometry and LADomainStateCompanion will return nil upon encountering any error under the hood? (which would be equivalent of below code, prior to iOS 18) func biometryStateHash() -> Data? { let context = LAContext() if #available(iOS 18, macOS 15, *) { _ = context.canEvaluatePolicy(policy, error: nil) return context.evaluatedPolicyDomainState } else { return context.domainState.biometry.stateHash } } 1.2 Deprecation of evaluatedDomainState There is a forum post LAContext.evaluatedPolicyDomainState change between major OS versions mentioning missing documentation (fixed), however there's still information missing of how they correlate to each other. From my findings, the deprecated evaluatedDomainState property value matches those of LADomainState stateHash (when no companion device is present), and LADomainStateBiometry stateHash (all the time). Are those assumptions correct? 1.3 LAContext (authenticated) session lifespan Theres is little information about it state when authenticated by the user. Documentation on LAContext does not mention this behavior, while there are hints that once authenticated, and context is reused, any farther calls will not prompt user with UI. The problem is that this behavior is little, to no documented. Here are few examples I have found: Logging a User into Your App with Face ID or Touch ID (code sample) contains comment // Get a fresh context for each login. If you use the same context on multiple attempts //  (by commenting out the next line), then a previously successful authentication //  causes the next policy evaluation to succeed without testing biometry again. //  That's usually not what you want. Recent forum post, where such approach is mentioned by Quinn 'The Eskimo!' "At the API level, one option you have is to create an LAContext and pass it in to each SecItemCopyMatching call via kSecUseAuthenticationContext." WWDC22 Streamline local authorization flows session "By binding the LAContext to our private key reference, we ensure that executing the signature operation will not trigger another authentication, while allowing the operation to continue without unnecessary prompts. These binding also means that no additional user interactions will be required for future signatures until the LAContext is invalidated." Furthermore this is complicated by the touchIDAuthenticationAllowableReuseDuration property from LAContext instance which states that "The default value is 0, meaning that no previous biometric unlock can be reused." which is in direct contradiction to what I have experienced while working with LAContext and sources mentioned above. While digging on this, whether this behavior is intended or not, I came across a post (I would love to share it, but the domain is not permitted) that shared the same findings (and concerns) regarding LAContext behavior as me. The author also provided a FB9984036 feedback number - although no further update was made on that topic. So my questions are: Is it safe to reuse LAContext (authenticated) instance? How long such instance is considered authenticated?, is it a time duration or perhaps it stays in authenticated state until explicitly invalidated using invalidate method. (its invalidated for sure when app is terminated, but this was to be expected :)) How does,touchIDAuthenticationAllowableReuseDuration work, and how does it correlate to "reusability" of the authenticated LAContext instance? In what scenarios, touchIDAuthenticationAllowableReuseDuration should be used and what is its expected behavior? (I have tried it both on iOS and macOS; from my perspective API this does not "work")

The epic saga of registering an Apple Developer Account for my company seems to have been successfully resolved. The full story can be read here My account has been approved, I've paid the membership fee, and everything appears to be in order. Huge thanks to everyone, especially the Apple staff members who didn't stay indifferent and went out of their way to help. Current status: My developer account is active. I can sign in to https://developer.apple.com/account and see that everything looks fine - there are no pending actions on my side (no agreements to sign, etc.), and the account appears completely normal. However, when I try to sign in to App Store Connect, I get the following error: To access App Store Connect, you must be an individual or team member in the Apple Developer Program, or invited by an individual to access their content in App Store Connect. (https://appstoreconnect.apple.com/login?errorKey=ITC.signin.error.invalidUser.asc) I'm attaching a screenshot. What I've already tried: Clearing browser cache, trying different browsers and devices, and waiting for some time — none of this helped. On May 9, I submitted a support request (Case ID: 20000112974233), but I still haven't received a response. My guess is that my account may have exhausted its Apple Developer Support request limit, since during the original issue I sent dozens of messages and may have used up my quota. This is just a hypothesis, but if I'm right, I would be very grateful if my ability to receive Apple Developer Support could be restored. Thank you in advance. For reference: similar case: I also did some research and found that another forum user had the same issue, which was resolved through Apple Developer Support (hopefully this helps point in the right direction): https://discussions.apple.com/thread/255265181 Thanks in advance for any help!

In testing in-app push provisioning with a production TestFlight build built with Xcode Cloud (Xcode 26.4.1) the flow is failing when attempting to add cards. I start the flow by choosing the add to wallet button from within the app. I get to the stage “Add Card” and choosing continue fails with “Could Not Add Card” and a button “Set Up Later” Analysing the sysdiagnose logs reveals that the eligibility stage is failing with a HTTP 500 error. [9ix8SPBHSfWEcxLjj+j5bA] ProvisioningOperationComposer: Step 'eligibility' failed with error <PKProvisioningError: severity: 'terminal'; internalDebugDescriptions: '( "eligibility request failure", "Received HTTP 500" )'; underlyingError: 'Error Domain=PKPaymentWebServiceErrorDomain Code=0 "Unexpected error." UserInfo={PKErrorHTTPResponseStatusCodeKey=500, NSLocalizedDescription=Unexpected error.}'; userInfo: '{ PKErrorHTTPResponseStatusCodeKey = 500; }'; > FB22761556

If a user enables/disables Guided Access, they can modify the session settings to disable the top (sleep/wake) button. In Single App Mode (SAM), there is a payload option for disabling the sleep/wake button via Mobile Device Management (MDM). In Autonomous Single App Mode (ASAM), there doesn't appear to be any way to disable the top button. ASAM does not honor the Guided Access sessions settings, and there is no payload option in the MDM. This is a glaring issue especially when ASAM is marketed as the solution for apps in a medical setting where the app is trading hands from a medical professional to a patient. Our app is used during a lengthy procedure and does not function properly if the patient puts the iPad to sleep. We're stuck asking our medical professionals to put the iPad in Guided Access, but the user experience is clunky and would be much improved by implementing ASAM. Is there some little-known API for disabling the sleep/wake button during ASAM that I'm just missing?

Hello, I'm experiencing a persistent issue with TestFlight and app reviews on App Store Connect, and I hope someone else has encountered this before. About a week ago, when trying to add external testers to test the initial TestFlight builds, I received the following error: There was an error processing your request. Please try again later. Since there were no other details, it was impossible to know the source of the problem. After doing some research, I found the root cause of the problem in the browser console; "errors" : [ { "id" : "c7300330-93d7-4aee-af8e-1aeffeff81ae", "status" : "422", "code" : "ENTITY_UNPROCESSABLE.BETA_CONTRACT_MISSING", "title" : "Beta contract is missing for the app.", "detail" : "Beta Contract is missing." } ] Since then: I've researched everything needed for TestFlight, including contracts, bank details, and so on, but I can't create external TestFlight tests. Internal TestFlight builds appear, but they can't be downloaded ("Requested application not available or present"). My applications just won't get past the review process. I've been trying to find a solution for about 10 days now. I've checked everywhere. We even checked with AI, but there's no reason. Important details: This is an individual developer account. I am the account holder. All contracts appear active and valid. This is my first and only application. I've contacted Apple Developer Support, but unfortunately, I haven't received a real solution yet, which makes it unclear how to proceed. Suggestions include checking forums, etc. Has anyone experienced this problem or found a solution? Any information would be greatly appreciated. What should I do? Please help. Thanks!

Hello, My app (Apple ID: 6766249889) has been in "Waiting for Review" status long time after resubmission and answer/replay to Apple Review Team. The account is in good standing, all agreements and banking information are active. Could someone from the App Review team please check whether there is any issue with this submission, or confirm that it is simply pending reviewer assignment? Thank you.

For a couple of months now I haven't been able to see new crash reports for my App Store apps in Xcode. I see the list of crash reports in the Organizer, but selecting any of the new ones always shows the same error message: Error Downloading Crash Log Information: An error occurred preventing Xcode from downloading crash log information. "my.email at domain.com" failed with error: There was a failure decoding response: (HTTP 500, 20364 bytes) The data couldn't be read because it isn't in the correct format.. Pushing the Reload button makes the view load for a bit, but then the same error appears again. Since I want to keep fixing crashes in my apps as fast as possible, is Apple aware of the issue and working on a fix? I don't know if this is a Xcode or App Store Connect issue. I would have expected this issue to be fixed with the newest Xcode version 26.5, but it's still happening. I opened FB22589345 on April 23, but got no response so far.

Hello, My app (Apple ID: 6768121501) has been in "Waiting for Review" status long time with no progress and no messages in the Resolution Center. Could someone from the App Review team please check whether there is any issue with this submission, or confirm that it is simply pending reviewer assignment? Thank you.

Hi everyone, We are working on an app that requires access to devices on the local network (Bonjour / LAN discovery + direct socket communication). We are currently struggling with the Local Network privacy permission flow introduced by Apple. From our understanding, there is no dedicated public API to explicitly request Local Network permission or to reliably determine the current authorization state before attempting network activity. We have tried several commonly suggested approaches to trigger the permission dialog, including: Bonjour browsing via NWBrowser Publishing/listening with NetService UDP/TCP socket attempts on local subnet NWConnection / NWListener Triggering discovery after app launch and after foreground transitions We already added the required entries in: NSLocalNetworkUsageDescription NSBonjourServices However, the behavior is inconsistent across devices and OS versions: Sometimes the popup appears immediately Sometimes it never appears Sometimes network operations silently fail without callback clarity In some cases callbacks are delayed or ambiguous Reinstalling/resetting permissions changes behavior unpredictably Our main challenges are: What is currently considered the most reliable Apple-approved method to trigger the Local Network permission prompt? Is there any officially recommended way to determine whether permission is: not determined denied granted Is there any reliable callback or state transition API developers should use? Are there known differences between: NWBrowser NetService BSD sockets NWConnection when it comes to triggering the permission dialog? Are there recommended retry/timing patterns to avoid race conditions during app launch? Is Apple planning to introduce a dedicated authorization API similar to: AVAuthorizationStatus CLAuthorizationStatus PHPhotoLibrary.authorizationStatus() Right now it feels difficult to provide a reliable UX because there is no deterministic way to: proactively request access observe authorization state recover gracefully when the prompt does not appear Any guidance, DTS references, WWDC sessions, or recommended implementation patterns would be greatly appreciated. Thanks!

Hi, I have a question regarding the relationship between the Apple Developer Enterprise Program membership and an existing APNs certificate used for MDM. Current Situation We are operating an MDM server. We have already obtained a valid APNs certificate via the Apple Push Certificates Portal. Our Apple Developer Enterprise Program membership is about to expire. The only asset we have in the Enterprise account is the MDM CSR used during the APNs certificate issuance process. Question If the Apple Developer Enterprise Program Membership expires: Will the existing APNs certificate remain valid until its expiration date? Or will it become invalid immediately due to the account expiration? Thank you.

It has been 6 days since we submitted our app for review, and the status is still showing “Waiting for Review,” even though the guidelines mention reviews are usually completed within 48 hours. We also contacted support but have not received any response yet. Has anyone else experienced similar delays recently? Any advice would be appreciated.

Hello, Following a rejection, I resubmitted my application for review on May 8, 2026, and requested an expedited review. The status changed to 'In Review' but there have been no updates since then (it has now been 5 days). I have already reached out to developer support but have not yet received a reply. Usually, approval takes only 1 or 2 days, so this delay is unexpected. Has anyone else experienced a similar situation recently? Thank you for your time.

Hi, I submitted my Family Controls entitlement requests on April 15 for my iOS app, but I still haven’t received an approval, rejection, or any status update. This is blocking my ability to properly test and move forward with the app, since it depends on the Screen Time / Family Controls APIs. I've tried contact to apple developer support and filed a code-level support on app connect dashboard. and still nothing received. Here is the request information: code-level support case id: 19834379 apple developer support case id: 102878196850 Family Controls Distribution RequestId: BT4C47F5VB,SLP56WRZ3J,BZ7MF3R4FF,5HAY5UF5X2,P49SM5C859,KG2T2X2L76,N353H759C4 Thanks.